CloudSEK’s contextual AI digital risk platform XVigil discovered a tweet by the threat group “Khalifah Cyber Crew” announcing a new campaign, “OpsBantaiKaw2”, targeting Indian websites.
XVigil has identified an info stealer malware named YTStealer that targets YouTube creators and steals authentication cookies. The stealer enables an attacker to gain access to the accounts and to control, modify, and monetize them.
A recent 0-day, tracked as CVE-2021-30657, is responsible for client-side attack vectors involving malware execution and is being exploited by Shlayer malware.
XVigil identified a post on a Telegram channel where the hacktivist group DragonForce Malaysia has shared an exploit for CVE-2022-26134 to actively target and exploit Indian entities.
Grafana recently released an advisory and patch for a critical path traversal vulnerability that leads to unauthenticated local file inclusion. This vulnerability affects Grafana versions v8.0.0-beta1 through v8.3.0; Grafana Cloud, however, remains unaffected.
A confidential source has shared previously unknown details about the newly emerging threat actor group Desorden, which is actively targeting Asian conglomerates.